Phishing has evolved from a mere nuisance into a global epidemic, negatively affecting the operations of organizations of all sizes and across all industries at high frequency, according to a new report by IRONSCALES.

In 2016 alone, the SANS Institute revealed that 95% of all cyberattacks began with spearphishing; the Ponemon Institute reported 86% of all phishing attacks contain ransomware, while the Anti Phishing World Group (APWG) discovered a 65% increase in phishing attacks compared to the previous year, totaling 1,220,523 attacks worldwide.

“Of all attack vectors, email remains the most commonly exploited for a variety of reasons. Malicious emails continue to easily bypass legacy SPAM Filters, firewalls, and gateway security scans that still inexcusably rely on signatures and email content scanning when analyzing messages,” states the report titled Trend report – How modern email Phishing attacks have Organisations on the Hook.

IRONSCALES notes that, due to human nature, it takes only a few unaware or preoccupied users to download or click on a malicious email link or attachment to inadvertently provide attackers with access to sensitive corporate networks and data.

In addition, a report from FireEye cites the average time from breach to detection as 146 days globally, and a colossal 469 days for the EMEA region, which means early detection and alerts are as important as ever.

In the midst of phishing attacks becoming exponentially more sophisticated and targeted, the majority of email security providers continue to offer signature-based and behavioral signature solutions that scan links and attachments, determine domain reputation and verify sender-receiver relationships, among other futile safeguards.

“Knowing that the use of signature and rules-based solutions continues as the status quo, attackers often find their hacking tools and techniques relatively unchallenged by defenses that are limited to following rules that hackers can easily subvert through spearphishing and social engineering. Although there is almost universal agreement by malware researchers to ditch YARA Rules and regular expressions, many email security solutions are lagging in doing so. In the meantime, many mid-sized and large organizations are investing millions in security awareness and training to help employees identify and report phishing emails in real time,” states the report.

“But what most of the cybersecurity industry and many organizations don’t yet fully realize, is that to truly minimize the risk of email phishing attacks, machines and humans must continuously work together.”

During the study, IRONSCALES states that it analyzed data from more than 100 of its customers and 500,000 mailboxes across four continents from 2016 to 2017 in order to better understand trends in email phishing, attacker patterns, phishing tools & techniques, and hacker preferences. In total, more than 8,500 verified attacks that bypassed spam filters were evaluated.

According to the report, attackers target specific individuals who they deem most susceptible to social engineering attacks. The attackers are also finding it increasingly beneficial to target attacks on fewer mailboxes because:
1. They prefer to stay below the radar (the fewer people targeted, the fewer conversations and, as a result, the fewer alarm bells raised).
2. More sophisticated targeting allows for messages tailored to certain projects and jobs.
3. Hyper-personalized targeting has proven effective at tricking people susceptible to emails written with a personal touch.
